If you've ever wondered about the value of becoming a Domino security expert, your time has come.

The demonstration in July of security vulnerabilities in Domino and Notes applications by consultants from Security Design International (SDI) Group and The Trust Factory at the annual DefCon meeting in Las Vegas brought attention to the fact that just following Domino's built-in security procedures may not be enough to protect your applications and databases from corporate intruders.

"There's been a shared assumption that if you had a tight Domino server, you were pretty safe. But now, beyond just Domino security, an overall understanding of Internet security is clearly a benefit," says Paul Della-Nebbia, a principal of The Learning Continuum, Boca Raton, Fla., a Notes distance learning provider. "When you have a strong understanding of security issues, it sets you apart from other Domino professionals."

Too many Domino administrators lack even rudimentary Domino security expertise, says Chris Goggans, director of operations at the SDI Group, Annandale, Va., who was one of the DefCon presenters. In his last 20 vulnerability assessments for corporate clients, he says, he found basic security flaws in Notes deployments. In one company, for example, the Domino servers were accessible via the 'Net, and critical system databases, like names.nsf, were available to anonymous browsing.

"There seems to be a shortage of people who have even the basic Notes/Domino security features down pat," Goggans says. "Beefing up your security expertise is definitely a good way to move your career forward."

In the Domino environment, at least 90% of the security burden lies with administrators rather than developers, notes Jeff Allen, a programmer at Computerworks, an Albany, N.Y.-based Lotus ISV. "As a development platform, Domino has some inherent security features built into it and developers are forced to work within those guidelines," he explains.

Domino administrators are well advised to come up to speed on at least the access control list and execution control list. "That's just a given, a bare minimum," Goggans says. Ultimately, administrators should take a more holistic approach, going the extra mile to master the security features of the operating systems on which Domino runs, including Windows, Unix and AS/400.

"Domino administrators get too wrapped up in the specific applications rather than looking at big picture security issues," Goggans says. "In our assessments, we've been able to compromise Domino applications because of vulnerabilities in the operating system they were installed on. If the administrators were more [OS] savvy and knew how to tighten down [the OS], they wouldn't have been so vulnerable."

Not only will your company benefit from the extra effort, your career will benefit as well. Goggans points out that combining Domino administration experience with OS security expertise "makes you more well rounded and opens up a lot of doors."

And according to the 1999 salary survey of 11,064 systems administrators by the SANS Institute, administrators who managed three or more platforms earned higher salaries than those responsible for only one or two. Security administrators, security auditors and security consultants earned more than database administrators, systems administrators or network administrators.
